Configure StoreFront 2.6
Let´s create a new deployment and see what we can configure.
First of all we need to insert the Base URL. In case of my demo-lab this is https://RISCWWW9001. We will change this in later post to a NetScaler Load-balanced address, but to keep it simple in the first step we will accept this option. NEXT.
Now we need to give the Store a name. I will name it myStore. NEXT.
We need to assign one or more Delivery Controllers this StoreFront server will talk to. In the moment there are only this two non-balanced DCs in place. Later we will change this to a NetScaler load-balanced solution. We will use HTTPS for security reasons. OK.
In enterprise deployments SSL should be used whenever possible. In big environments you should consider SSL-termination on the NetScaler appliance because of performance reasons.
The Controllers were added. NEXT.
We have no CAG in place now. CREATE.
But wait…what could we configure?
- None – only internal access is possible
- No VPN Tunnel – this is access through an Access Gateway without VPN functionality
- Full VPN tunnel – means we have the Gateway PlugIn installed on the endpoint to establish a VPN
As you can see the store was created and is reachable under https://riscwws9001/Citrix/myStoreWeb. Lets finish this first initial setup and have a look at what we can configure.
Store email discovery
If you want your users to discover the Store by using their email-address you need to create a SRV record on your DNS servers. Email-based account discovery is not available if Citrix Receiver is downloaded from any other location, such as a Receiver for Web site, and cannot be used with Citrix Receiver Updater. You must also install a valid server certificate on the NetScaler Gateway appliance or StoreFront server to enable email-based account discovery. The full chain to the root certificate must also be valid. Citrix Receiver requires that the StoreFront FQDN is a unique address that is only resolvable from user devices connected to the internal network.
Now that we have created a basic unconfigured StoreFront deployment we will have a look at the features and options we can configure.
Start the Citrix StoreFront Console.
This is what it looks like when we open it for the first time. We now can View or Change a store or create a new one. On the left side we have the known options:
- Server Group
- Receiver for Web
- NetScaler Gateway
Let´s dive a little bit deeper…
Under Server Group we have the following options:
- Add Server
- Change Base URL
- Generate Security Keys
When you want to join a second StoreFront server to your deployment you need to start the “Add Server” Wizard. In this process a security token is shown on the first StoreFront server and you need to type the code on your second server in order to join it successfully.
If for some reason you need to change the Base URL for your deployment you can do it here. All Stores and StoreFront services are affected by this change.
If you use a server group Citrix recommends generating new Security Keys from time to time. Users authenticated to Stores then need to reauthenticate.
Available authentication Methods:
We need to configure the Authentication service. Username and password is configured automatically.
Additional Authentication services need to be added separately.
- User name and password
- Domain pass-through
- Smart card
- Install the Smart-Card middleware on the VDAs
- Check that certificate to account mapping is configured correctly
- Ensure that accounts for all users are configured either within the Microsoft Active Directory domain or that a correct two-way-trust is in place
- Assign appropriate Certificates on the StoreFront or/and NetScaler appliances
- Configure SSL on the servers
- edit the default.ica on the StoreFront servers for single sign on. The default.ica can be found under the following path:
This leads to explizit authentication and users have to enter their credentials when accessing the Store
Pass-through authentication with Active Directory accounts. Don´t forget to install the Receiver with pass-through enabled.
There are some things to consider before we can use Smart-Cards with StoreFront: